Security News

China Uses Dual-Method Cyberattack on Czech Orgs

China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.

Securing AI Agents Before They Go Rogue Is Next to Impossible

High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story.

Infosecurity Europe

Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.

Anthropic to Open Mythos AI to EU's ENISA

The European security agency's entry to Project Glasswing is the result of "strong bilateral cooperation" between the European Commission and Anthropic.

Microsoft's Zero-Day Legal Threats Spark Backlash

After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.

Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.

Name That Toon: Mark of (Cybersecurity) Progress

As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.

Asia's Cyber Insurance Market Shows Signs of Life

The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could be changing.

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.

'The Com' Cyberattacks Support Violence & Sexploitation

Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.

As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply chain.

Dutch Raid Fails to Dent Russian Bulletproof Host

Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider's core IP address space intact.

Agentic AI Isn't Risky; the Way Orgs Deploy It Is

AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.

Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security

In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.

BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model

An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.

Nordic CISOs Handle Rising Cyber Threats Remarkably Well

Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.

Ransomware Actors Show Up In Person to Steal Law Firm Data

The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases.

Latin American Cybercriminals Hoover Up Government Data

A purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data.

AI-Assisted Exploit Development Outpaces Scanner Detection

Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.